This article covers how to integrate LDAP/Active Directory with a SonicWall firewall.
1. Go to the Users | Settings page.
In the Authentication method for login drop-down list, select LDAP + Local Users and click Configure.
If you are connected to your SonicWall appliance via HTTP rather than HTTPS, you will see a dialog box warning you of the sensitive nature of the information stored in directory services and offering to change your connection to HTTPS. If you have HTTPS management enabled for the interface to which you are connected (recommended), check the “Do not show this message again” box and click Yes.
2. On the Settings tab of the LDAP Configuration window, configure the following fields:
Name or IP address: The FQDN or the IP address of the LDAP server against which you wish to authenticate. If using a name, be certain that it can be resolved by your DNS server.
Port Number: The default LDAP over TLS port number is TCP 636. The default LDAP (unencrypted) port number is TCP 389. If you are using a custom listening port on your LDAP server, specify it here.
Server timeout (seconds): The amount of time, in seconds, that the SonicWall will wait for a response from the LDAP server before timing out. Allowable ranges are 1 to 99999, with a default of 10 seconds.
Overall operation timeout (minutes): 5 (default)
Anonymous Login – Some LDAP servers allow for the tree to be accessed anonymously. If your server supports this (Active Directory generally does not), then you may select this option.
Login User Name – Specify a user name that has rights to log in to the LDAP directory. The login name will automatically be presented to the LDAP server in full ‘dn’ notation.
This can be any account with LDAP read privileges (essentially any user account) – Domain Administrative privileges are required. Note that this is the user’s display name, not their login ID.
Login Password – The password for the user account specified above.
Protocol Version – Select either LDAPv3 or LDAPv2. Most modern implementations of LDAP, including Active Directory, employ LDAPv3.
Use TLS (SSL): Use Transport Layer Security (SSL) to log in to the LDAP server.
3. On the Directory tab, configure the following fields:
Primary domain: The user domain used by your LDAP implementation.
User tree for login to server: The tree that contains the user account specified on the Settings tab.
Click Auto-configure.
Select Append to existing trees and click OK.
This populates the Trees containing users and Trees containing user groups fields by scanning the directory for all trees that contain user objects.
4. On the Schema tab, configure the following fields:
LDAP Schema: Microsoft Active Directory
5. On the LDAP Users tab, configure the following fields:
Default LDAP User Group: Trusted Group
How to Test:
On the LDAP Test tab, test a username and password from Active Directory to confirm that communication with the server is successful.
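As an added example (not SonicWall code or part of this article), the following Python script checks a settings dictionary modelled on the fields from steps 2 and 4 against the constraints stated above, and shows the full 'dn' form in which the login name is presented to the server. The field names, the CN=Users tree and the sample values are assumptions.

```python
# Added example (not SonicWall code): checks a settings dict modelled on the
# fields described above and builds the full 'dn' form of the login name.
# Field names, sample values and the CN=Users tree are assumptions.

def domain_to_base_dn(domain: str) -> str:
    """Primary domain 'corp.example.com' -> 'DC=corp,DC=example,DC=com'."""
    return ",".join(f"DC={label}" for label in domain.strip(".").split("."))

def escape_rdn_value(value: str) -> str:
    """Escape an RDN attribute value per RFC 4514 so a display name
    such as 'Smith, John' does not split the DN at the comma."""
    out = value.replace("\\", "\\\\")
    for ch in ',+"<>;':
        out = out.replace(ch, "\\" + ch)
    if out[:1] in (" ", "#"):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def login_dn(display_name: str, user_tree: str, domain: str) -> str:
    """Full 'dn': display name (not login ID) under the user tree under the base DN."""
    return f"CN={escape_rdn_value(display_name)},{user_tree},{domain_to_base_dn(domain)}"

def check_settings(cfg: dict) -> list:
    """Return findings for settings that contradict the constraints above."""
    findings = []
    port, tls = cfg["port"], cfg["use_tls"]
    if not tls:
        findings.append("TLS disabled: bind credentials and directory data cross the wire in cleartext")
    if tls and port == 389:
        findings.append("TLS enabled on port 389; the LDAP over TLS default is 636")
    if not 1 <= cfg["server_timeout"] <= 99999:
        findings.append("server timeout outside the allowed range of 1 to 99999 seconds")
    if cfg["anonymous_login"] and cfg["schema"] == "Microsoft Active Directory":
        findings.append("anonymous login selected, but Active Directory generally does not allow it")
    if cfg["protocol_version"] != 3:
        findings.append("LDAPv2 selected; Active Directory uses LDAPv3")
    return findings

# Constructed sample: the weak form (unencrypted LDAP) beside the corrected one.
WEAK = {"port": 389, "use_tls": False, "server_timeout": 10, "anonymous_login": False,
        "schema": "Microsoft Active Directory", "protocol_version": 3}
HARDENED = dict(WEAK, port=636, use_tls=True)

if __name__ == "__main__":
    print(login_dn("Smith, John", "CN=Users", "corp.example.com"))
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_settings(cfg) or ["no findings"])
```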